Configure TLS Strong Encryption
You can configure TLS strong encryption for LCE-client communications to meet the security needs of your organization. LCE uses TLS 1.2 to encrypt LCE-client communications. For more information about LCE encryption, see Encryption Strength.
To configure TLS strong encryption for LCE communications:
-
Log in to LCE via the command line interface (CLI).
-
In the CLI in LCE, run the following command to specify the cipher you want to use for TLS encryption:
source /opt/lce/tools/exigent-sessions.bashrc
undoc-config --set lced cryptSyslog_ciphersuiteSelector <cipher you want to use for TLS encryption>
For example:
source /opt/lce/tools/exigent-sessions.bashrc
undoc-config --set lced cryptSyslog_ciphersuiteSelector ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384
-
Run the following command to restart all LCE daemons:
restart-all bar-pg
All LCE daemons restart.